A significant change in the most recent release of the PCI DSS (version 3.2) includes multi-factor authentication (MFA) as a requirement for any personnel with administrative access into environments handling card data. The standard has required MFA for all remote access since version 1.0, but the new change is to require MFA for ALL admin-level access to CDE, even within a local secure network, to ensure the identity of an individual is truly validated prior to accessing CDE resources.